﻿using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System.Security.Claims;

namespace IdentityServer4CenterPassword
{
    public static class Config
    {

        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new IdentityResource[] {
                new IdentityResources.OpenId(),
                 new IdentityResources.Email(),
                 new IdentityResources.Profile(),
            };
        }

        /// <summary>
        /// 定义API范围
        /// </summary>
        public static IEnumerable<ApiScope> ApiScopes =>
            new List<ApiScope>
            {
                new ApiScope("serviceA"),
                new ApiScope("serviceB"),
                new ApiScope("FileService")
            };


        /// <summary>
        /// 定义API资源
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource> {
                new ApiResource("serviceA","serviceA"){Scopes={ "serviceA" } },
                new ApiResource("serviceB","serviceB"){Scopes={ "serviceB" } },
                new ApiResource("FileService","FileService"){Scopes={ "FileService" } }
            };
        }

        /// <summary>
        /// 定义客户端
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            { 
                new Client{ 
                    ClientId="web_client",
                    ClientName="AuthCenter",
                    //AllowedGrantTypes=new List<string>{ "paas_password", "paas_auth_code", "client_credentials"},
                    AllowedGrantTypes=GrantTypes.ResourceOwnerPassword,
                    //AllowedGrantTypes=GrantTypes.ClientCredentials,
                    ClientSecrets=new []{new Secret("secret".Sha256()) },
                    AccessTokenLifetime=3600,
                    AllowedScopes=new List<string>//允许访问的资源
                    {
                        "serviceA",
                        "serviceB",
                        "FileService",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Email,
                        IdentityServerConstants.StandardScopes.Profile
                    },
                    Claims=new List<ClientClaim>(){
                        new ClientClaim(IdentityModel.JwtClaimTypes.Id,"Admin"),
                        new ClientClaim(IdentityModel.JwtClaimTypes.Role,"Admin"),
                        new ClientClaim(IdentityModel.JwtClaimTypes.NickName,"管理员"),
                        new ClientClaim(IdentityModel.JwtClaimTypes.Email,"test@qq.com"),
                        new ClientClaim(IdentityModel.JwtClaimTypes.Profile,"ddddddddddd"),
                    }
                }
            };
        }


        /// <summary>
        /// In-memory user
        /// </summary>
        /// <returns></returns>
        public static List<TestUser> GetTestUsers()
        {
            return new List<TestUser>
            {
                new TestUser()
                {
                     SubjectId = "11111111",
                     Username = "admin",
                     Password = "666666",
                       Claims=new List<Claim>(){
                    new Claim(IdentityModel.JwtClaimTypes.Id,"123"),
                   new Claim(IdentityModel.JwtClaimTypes.Email,"test@qq.com"),
                   new Claim(IdentityModel.JwtClaimTypes.NickName,"管理员"),
                   new Claim(IdentityModel.JwtClaimTypes.Profile,"ddddddddddd"),
                }
                }
            };
        }

    }
}
